Specialty Networks Data Breach Affects 411,000 Patients
Specialty Networks, Inc., a Chattanooga, TN-based provider of radiology information systems, digital transcription services, and enterprise practice management solutions for healthcare facilities, has recently announced a major data breach involving the protected health information of 411,037 current and former patients.
The announcement about the data breach was made on August 15, 2024; however, unauthorized activity within its computer systems was first detected on December 18, 2023. The forensic investigation confirmed there had been unauthorized access to its IT environment from December 11, 2023, to December 18, 2023, and during that time, files were exfiltrated that contained sensitive patient data.
The delay in announcing the breach was due to the time taken to review the affected files. On May 31, 2024, Specialty Networks learned that patients’ protected health information had been compromised, then notifications were issued to its covered entity clients, and on or around June 24, 2024, coordinated notification efforts with the affected providers, started verifying the affected information and obtaining up-to-date contact information to allow the individual notification to be mailed.
The types of information involved varied from individual to individual and may have included names in combination with one or more of the following: date of birth, driver’s license number, Social Security number, medical record number, treatment and condition information, diagnoses, medications, and health insurance information. The affected individuals were notified on August 15, 2024, and have been offered complimentary credit monitoring and identity theft protection services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
PHI Exposed in Business Email Compromise Attack on Mid-Columbia Center for Living
Mid-Columbia Center for Living in Oregon has notified 4,435 individuals that some of their personal information may have been accessed by unauthorized individuals in a recent business email compromise (BEC) incident. Suspicious activity was identified in an employee’s email account on January 24, 2024. The email account was secured, and an investigation was launched to determine the nature and scope of the incident.
The aim of BEC attacks is usually to divert payments to attacker-controlled accounts; however, it is possible that the attacker copied information from the email account. The review of the email account was completed on August 1, 2024, and confirmed that the following information had been exposed: first and last names, addresses, patient ID numbers, medical record numbers, Social Security numbers, physician names, treatment information, treatment dates, diagnoses/conditions, Medicaid numbers, and health insurance information. At the time of issuing notifications on August 19, 29024, no misuse of the affected data had been identified. Complimentary credit monitoring services and identity theft protection services have been offered to all affected individuals and additional safeguards have been implemented to prevent similar incidents in the future.
